CtrlK
BlogDocsLog inGet started
Tessl Logo

cursor-compliance-audit

Compliance and security auditing for Cursor IDE usage: SOC 2, GDPR, HIPAA assessment, evidence collection, and remediation. Triggers on "cursor compliance", "cursor audit", "cursor security review", "cursor soc2", "cursor gdpr", "cursor data governance".

57

Quality

67%

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

Fix and improve this skill with Tessl

tessl review fix ./plugins/saas-packs/cursor-pack/skills/cursor-compliance-audit/SKILL.md
SKILL.md
Quality
Evals
Security

Quality

Content

57%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is highly actionable with concrete checklists and remediation guidance, but it does not use its own reference bundle at all and omits validation checkpoints in its remediation workflows. Splitting inline detail into the existing reference files with signaled links would materially improve it.

Suggestions

Link to the existing references/ files (e.g., point SOC 2/GDPR detail to compliance-by-framework.md, remediation steps to remediation.md, tooling to audit-tools.md) so the body becomes a concise overview with one-level-deep navigation.

Add explicit verification/validation checkpoints to each Remediation Playbook finding (e.g., re-check admin dashboard to confirm Privacy Mode is enforced, re-run access review to confirm departed accounts are deactivated).

Trim or move the inline ASCII data-flow diagram into a reference file, since the certification/data-processing table already conveys the architecture.

DimensionReasoningScore

Conciseness

Mostly efficient tables and checklists, but the inline ASCII diagrams and extended checklists could be tightened; some content (e.g., the full data-flow diagram) is context Claude could infer from the table.

2 / 3

Actionability

Provides concrete, copy-paste-ready checklists, specific .cursorignore patterns, exact admin-dashboard navigation steps, and named evidence artifacts per control.

3 / 3

Workflow Clarity

Checklists and remediation steps are clearly sequenced, but batch/deprovisioning and remediation operations lack explicit validation/verification checkpoints confirming the fix worked, which caps workflow clarity at 2 per the rubric.

2 / 3

Progressive Disclosure

Seven bundle files exist in references/ (audit-procedures, audit-tools, compliance-by-framework, errors, examples, remediation, security-audit-checklist) but the body never references or links to any of them, leaving a monolithic wall of inline content with an undiscovered reference layer.

1 / 3

Total

8

/

12

Passed

Description

77%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific and clearly niched to Cursor compliance, with strong natural trigger terms. It is weakened by embedding triggers awkwardly and lacking a clean explicit 'Use when' usage clause, which caps completeness.

Suggestions

Rewrite the trailing trigger list as a single explicit 'Use when...' clause (e.g., 'Use when the user asks for a Cursor compliance, SOC 2, GDPR, or HIPAA audit, or a Cursor security review.') to satisfy the completeness 'when' requirement.

Move trigger keywords out of the multi-line description into a concise sentence so the description reads cleanly without line-wrapped keyword fragments.

DimensionReasoningScore

Specificity

Lists multiple concrete actions (SOC 2, GDPR, HIPAA assessment, evidence collection, remediation) rather than vague language.

3 / 3

Completeness

The 'what' is clear, but the explicit 'when to use' trigger guidance is phrased as 'Triggers on' rather than a natural 'Use when' clause, and the description is cluttered by embedded trigger keywords rather than a clear usage clause; per the rubric a missing explicit 'Use when...' guidance caps completeness at 2.

2 / 3

Trigger Term Quality

Provides good coverage of natural trigger phrases users would say ('cursor compliance', 'cursor audit', 'cursor security review', 'cursor soc2', 'cursor gdpr', 'cursor data governance').

3 / 3

Distinctiveness Conflict Risk

Tied specifically to Cursor IDE compliance auditing with distinct triggers, making it unlikely to conflict with other skills.

3 / 3

Total

11

/

12

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation14 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

allowed_tools_field

'allowed-tools' contains unusual tool name(s)

Warning

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

14

/

16

Passed

Repository
jeremylongshore/claude-code-plugins-plus-skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.